What are you looking for ?
Advertise with us
RAIDON

Qnap Security Advisories Concerning Enhancement Vs. Security Vulnerabilities

Including buffer overflow vulnerabilities in Samba, vulnerabilities in QTS, QuTS hero, QuTScloud, QVP, and QVR OSs versions, in sudo and in OpenSSL

Qnap Systems, Inc. had published security enhancement vs. security vulnerabilities that could affect specific versions of company’s products. Use following information and solutions to correct security issues and vulnerabilities.

This advisory includes following:

Fixing: Buffer overflow vulnerabilities in Samba
Security ID: QSA-23-02
Release date: March 30, 2023
Severity: Medium
CVE identifier: CVE-2022-3437 | CVE-2022-3592
Affected products: Certain Qnap devices running Samba

Summary
Multiple buffer overflow vulnerabilities have been reported in Samba.

These vulnerabilities affect following Qnap’s OS:

  • QTS, QuTS hero, QuTScloud, QVP (QVR Pro appliances), QVR

The company have already fixed vulnerabilities in following OS versions:

  • QTS 5.0.1.2346 build 20230322 and later
  • QuTS hero h5.0.1.2348 build 20230324 and later

Qnap is urgently fixing the vulnerabilities in QuTScloud, QVP, and QVR. Check this security advisory regularly for updates and promptly update your OS to the latest recommended version as soon as it is available.

Resource: Learn more

Fixing : Buffer Overflow Vulnerability in Samba
Security ID: QSA-23-03
Release date: March 30, 2023
Severity: Medium
CVE identifier: CVE-2022-42898
Affected products: Certain Qnap devices running Samba

Summary
A buffer overflow vulnerability has been reported in Samba.

Vulnerability affects following the company’s OS:

  • QTS, QVP (QVR Pro appliances)

The company have already fixed the vulnerability in following OS versions:

  • QTS 5.0.1.2346 build 20230322 and later 

Qnap is fixing the vulnerability in QVP. Check this security advisory regularly for updates and promptly update your OS to the latest recommended version as soon as it is available.

Resource :Learn more

Fixing : Vulnerabilities in QTS, QuTS hero, QuTScloud, and QVP
Security ID: QSA-23-06
Release date: March 30, 2023
Severity: Low
CVE identifier: CVE-2022-27597 | CVE-2022-27598
Affected products: Certain Qnap devices

Summary
Two vulnerabilities have been reported to affect multiple the company’s OS. If exploited, these vulnerabilities allow remote authenticated users to get secret values.

Vulnerabilities affect following OS:

  • QTS, QuTS hero, QuTScloud, QVP (QVR Pro appliances) 

The company have already fixed the vulnerabilities in the following OS versions:

  • QTS 5.0.1.2346 build 20230322 and later
  • QuTS hero h5.0.1.2348 build 20230324 and later

Qnap is fixing the vulnerabilities in QuTScloud and QVP. Check this security advisory regularly for updates and promptly update your OS to the latest recommended version as soon as it is available.

Resource : Learn more

Fixing : Vulnerability in QTS, QuTS hero, QuTScloud, QVP, and QVR
Security ID: QSA-23-10
Release date: March 30, 2023
Severity: Medium
CVE identifier: CVE-2023-23355
Affected products: Certain Qnap devices

Summary
A vulnerability has been reported to affect multiple Qnap OS. If exploited, the vulnerability allows remote authenticated users to execute arbitrary commands via susceptible Qnap devices.

Vulnerability affects the following Qnap OS:

  • QTS, QuTS hero, QuTScloud, QVP (QVR Pro appliances), QVR. 

The company have already fixed the vulnerability in the following OS versions:

  • QTS 5.0.1.2346 build 20230322 and later
  • QuTS hero h5.0.1.2348 build 20230324 and later

Qnap is fixing the vulnerabilities in QuTScloud, QVP, and QVR. Check this security advisory regularly for updates and promptly update your OS to the latest recommended version as soon as it is available.

Resource : Learn more

Fixing : Vulnerability in Sudo
Security ID: QSA-23-11
Release date: March 30, 2023
Severity: High
CVE identifier: CVE-2023-22809
Affected products: Certain Qnap devices

Summary
A vulnerability has been reported in Sudo.

Vulnerability affects the following Qnap OS:

  • QTS, QuTS hero, QuTScloud, QVP (QVR Pro appliances)

The company have already fixed the vulnerability in the following OS versions:

  • QTS 5.0.1.2346 build 20230322 and later
  • QuTS hero h5.0.1.2348 build 20230324 and later

Qnap is fixing the vulnerabilities in QuTScloud and QVP. Check this security advisory regularly for updates and promptly update your OS to the latest recommended version as soon as it is available.

Resource : Learn more

Fixing : Multiple vulnerabilities in OpenSSL
Security ID: QSA-23-15
Release date: March 30, 2023
Severity: Medium
CVE identifier: CVE-2023-0286 | CVE-2022-4304 | CVE-2023-0215 | CVE-2022-4450
Affected products: Certain Qnap devices

Summary
Multiple vulnerabilities have been reported in OpenSSL. These vulnerabilities affect the following firm’s OS:

  • QTS, QuTS hero, QuTScloud, QVP (QVR Pro appliances), QVR, QES

The company have already fixed the vulnerabilities in the following OS versions:

  • QTS 5.0.1.2346 build 20230322 and later
  • QuTS hero h5.0.1.2348 build 20230324 and later

Qnap is fixing the vulnerabilities in QuTScloud, QVP, QVR, and QES. Check this security advisory regularly for updates and promptly update your OS to the latest recommended version as soon as it is available.

Resource : Learn more

If you have any questions regarding this issue, contact the company’s support.

Articles_bottom
ExaGrid
AIC
ATTOtarget="_blank"
OPEN-E